Merge pull request #4 from dms1981/feature/aws-service-role
use AWS managed policy, make schedule name compliant
dms1981 authored May 18, 2022
2 parents 2e016f8 + 1de3f0d commit a154217
Showing 2 changed files with 5 additions and 28 deletions.
20 changes: 0 additions & 20 deletions data.tf
@@ -1,6 +1,5 @@
data "aws_caller_identity" "current" {}


data "aws_iam_policy_document" "dlm_lifecycle_role" {
statement {
actions = ["sts:AssumeRole", ]
Expand All @@ -9,23 +8,4 @@ data "aws_iam_policy_document" "dlm_lifecycle_role" {
identifiers = ["dlm.amazonaws.com"]
}
}
}

data "aws_iam_policy_document" "dlm_lifecycle_policy" {
statement {
actions = ["ec2:CreateTags", ]
resources = ["arn:aws:ec2::${data.aws_caller_identity.current.account_id}:snapshot/*"]
}

statement {
actions = [
"ec2:CreateSnapshot",
"ec2:CreateSnapshots",
"ec2:DeleteSnapshot",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeSnapshots"
]
resources = ["arn:aws:ec2::${data.aws_caller_identity.current.account_id}"]
}
}
13 changes: 5 additions & 8 deletions main.tf
Expand Up @@ -8,7 +8,7 @@ resource "aws_dlm_lifecycle_policy" "dlm_daily_snapshots" {
resource_types = ["VOLUME"]

schedule {
name = "Daily snapshot at 3:00AM"
name = format("%s-%s-schedule", var.service, var.environment)

create_rule {
interval = 24
Expand Down Expand Up @@ -38,10 +38,7 @@ resource "aws_iam_role" "dlm_lifecycle_role" {
tags = var.tags
}


resource "aws_iam_role_policy" "dlm_lifecycle_policy" {
name = lower(format("dlm-lifecycle-policy-%s-%s", var.service, var.environment))
role = aws_iam_role.dlm_lifecycle_role.id
policy = data.aws_iam_policy_document.dlm_lifecycle_policy.json
}

resource "aws_iam_role_policy_attachment" "dlm_lifecycle_policy_attachment" {
role = aws_iam_role.dlm_lifecycle_role.name
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSDataLifecycleManagerServiceRole"
}
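Review bot: The managed policy attached by the new `aws_iam_role_policy_attachment` gives the DLM service role a broader permission set than the seven account-scoped `ec2:*` actions the deleted inline document in data.tf granted, so the role's effective permissions grow with this commit even though the commit message reads as a simplification; that trade-off deserves a comment above the resource, e.g. `# AWS-managed policy: wider than the former inline document, but tracked by AWS as the DLM API surface changes`. The schedule name added in the first hunk is not lower-cased, unlike the removed role-policy name, and DLM restricts that field to letters, digits, spaces, underscores and hyphens with a length cap, so a `var.service` or `var.environment` value outside that set would fail at apply time unless the variable declarations (not in view) validate it. The `aws_dlm_lifecycle_policy` resource enclosing the first hunk starts outside it.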
